cloudscribe supports an automated logout feature after a period of inactivity, with a visual warning as the logout time approaches.
If there has been no activity by the currently logged-in user within a pre-configured time span (i.e. no new page requests from the server, and no form submissions posted back to the server), the validity of the user's login authentication cookie will expire, thereby requiring the user to re-authenticate at the next page request.
To configure this session expiry time, in minutes, use the following setting in the AppSettings section of the appsettings.json file:
"AppSettings": {
// auto-expire authentication (an integer, in minutes)
"MaximumInactivityInMinutes": "20"
},
If you leave the above line commented out, then the authentication cookie expiry behaviour will fall back to the default: i.e. the cookie will persist for the duration of the user's session, or (if the 'Remember Me' box was ticked at login), for two weeks.
If the above inactivity setting is in place, then as soon there is only one minute left before the user's session times out, a visual warning will be displayed, allowing the user to refresh their current session, or to logout.
To enable this visual warning, the following partial view must be included in the _Layout.cshtml file for the current theme:
<partial name="_AutoLogoutWarningPartial" />